Vulnerabilities > Keking > Kkfileview > 4.0.0

DATE CVE VULNERABILITY TITLE RISK
2022-10-17 CVE-2022-42147 Cross-site Scripting vulnerability in Keking Kkfileview 4.0.0
kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
network
low complexity
keking CWE-79
6.1
6.1
2022-10-17 CVE-2022-42149 Server-Side Request Forgery (SSRF) vulnerability in Keking Kkfileview 4.0.0
kkFileView 4.0 is vulnerable to Server-side request forgery (SSRF) via controller\OnlinePreviewController.java.
network
low complexity
keking CWE-918
critical
 9.8
9.8
2022-09-02 CVE-2022-36593 Path Traversal vulnerability in Keking Kkfileview 4.0.0
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.
network
low complexity
keking CWE-22
6.5
6.5
2022-05-25 CVE-2022-29349 Cross-site Scripting vulnerability in Keking Kkfileview 4.0.0
kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.
network
low complexity
keking CWE-79
6.1
6.1
2022-02-15 CVE-2021-43734 Path Traversal vulnerability in Keking Kkfileview 4.0.0
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
network
low complexity
keking CWE-22
7.5
7.5